Security researchers have discovered a vulnerability in a piece of adware called Superfish that makes your computer vulnerable to all kinds of attacks. Superfish ships preloaded on many Lenovo computers, but can also be installed on any machine. Here’s what’s going on and how to test if you’re infected.
Photo by Vertes Edmond Mihai
What Superfish Is
Superfish is basically run-of-the-mill adware, but with some big security holes. Lenovo pre-installed it on some computers sold between October 2014 and December 2014, but any Windows computer can be infected.
Superfish is meant to place advertisements in your web browser. The problem is that the software also intercepts encrypted traffic, which opens up your computer to man-in-the-middle attacks (which work in a similar way to the Heartbleed security bug discovered last year).
Superfish also intercepts HTTPS connections. A post over at Errata Security shows that the HTTPS certificate is incredibly easy to crack, which makes you even more vulnerable. For example, security researcher Chris Palmer found that when he visited Bank of America’s web site on a computer with Superfish installed, the bank’s certificate was signed by Superfish rather than VeriSign. This means attackers could use the certificate to create fake HTTPS web sites that grab your passwords, or even create viruses that are “signed” to look legitimate.
How to Test Your Computer And Remove The Superfish Software And Certificates
Thankfully, it’s easy to test to see if your computer is affected by Superfish. We had a handful of Lenovo PCs to test on and all ours were clear, but it only takes a second to test yours, so it’s worth testing regardless of what type of Windows machine you have. Uninstalling and removing Superfish is a bit more complicated, though.
- Head to this link to test if your computer has Superfish installed. If you get a No, you’re good; if you get a Yes, continue on. (Note: results may not be reliable if you use Firefox, so use Chrome or Internet Explorer.)
- Open the Windows Start menu or Start screen and search for “Uninstall a program”. Launch it.
- Right-click on “Superfish Inc VisualDiscovery” and select “Uninstall”, then enter your administrator password.
- Next, you need to uninstall the certificates. Head back to the Start menu and search for certmgr.msc. Launch it.
- Click on “Trusted Root Certification Authorities” and open Certificates.
- Look for any certificates that include Superfish Inc, and right-click to delete them.
- Restart your browser then head back to the link in step 1 to test your computer.
With that, your system should be clear of Superfish, but if you’re really worried, the safest way to eradicate it is to do a clean install of Windows — without all the bloatware. Just make sure you back up your data first.
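The manual check above can also be done from PowerShell. The script below is an added example, not part of the original article: it lists root certificates and installed programs whose name contains "Superfish", and deletes the certificates only when run with `-Remove`. The `$Pattern` parameter, the `-Remove` switch and the variable names are assumptions made for this example.

```powershell
# Added example: audits root stores and installed programs for Superfish.
# Run from an elevated prompt; nothing is deleted unless -Remove is given.
param(
    [string]$Pattern = 'Superfish',  # name the article says to look for
    [switch]$Remove                  # hypothetical switch for this example
)

# Machine-wide store first. The per-user view can also list machine-wide
# roots, so the same certificate may show up under both paths.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$certs = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like "*$Pattern*" -or $_.Issuer -like "*$Pattern*" } |
        Select-Object @{ n = 'Store'; e = { $store } },
                      Subject, Thumbprint, NotAfter, PSPath
}

# Standard per-machine uninstall keys (64-bit and 32-bit views) back the
# "Uninstall a program" list used in the manual steps.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$programs = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$Pattern*" -or $_.Publisher -like "*$Pattern*" } |
    Select-Object DisplayName, Publisher, UninstallString

if ($programs) {
    Write-Warning 'Matching program still installed; uninstall it first:'
    $programs | Format-List
}

if (-not $certs) {
    Write-Output "No root certificate matching '$Pattern' found."
    return
}
$certs | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

if ($Remove) {
    foreach ($c in $certs) {
        # Skip entries already gone because the machine-wide copy was removed.
        if (Test-Path -LiteralPath $c.PSPath) {
            Remove-Item -LiteralPath $c.PSPath -Confirm
        }
    }
}
```

Run it once without `-Remove` to review what matches, and again after cleanup to confirm that nothing is listed.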